[Owasp-leaders] owasp-informal

Dennis Groves dennis.groves at owasp.org
Sat Feb 2 13:52:07 UTC 2013


It's always been my humble opinion that if a new leaders list were to be 
created - that the new list would become the 'decisions' list; as this 
list has already degenerated into tangent conversations. However, the 
new list is going to also degenerate over time; **it is human behaviour 
to connect ideas and travel tangents!**

This is how discoveries are discovered, ideas clarified and 
difficult problems solved.

I don't understand what problem a new list solves; aside from Jim not 
having to listen to me. :)


Dennis

On 2 Feb 2013, at 13:44, Achim wrote:

> Dinis, Jim, I can add all members of the leaders list to the new 
> informal list,
> this is technically no problem.
>
> But I'm not sure if everyone wants to be subscribed to a new list, it 
> would be
> better if each human opts in first.
> Or should we ask to opt out for the new list?
> Any ideas how to manage that?
>
> Achim
>
>
> On 02.02.2013 13:47, Dinis Cruz wrote:
>> For that to work you need to subscribe all members of the 
>> OWASP-leaders into the OWASP-informal
>>
>> The reason these threads exist is because of the value of the 
>> leader's shared knowledge
>>
>> Dinis Cruz
>>
>> On 2 Feb 2013, at 10:50, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> Ok let's do this.
>>>
>>> We set up owasp-informal.
>>>
>>> https://lists.owasp.org/mailman/listinfo/owasp-informal
>>>
>>> 1) May I suggest we tighten down the use of owasp-leaders to OWASP 
>>> news only?
>>> 2) Those who want to chit chat off-topic please migrate to 
>>> owasp-informal?
>>> 3) Simply banning Dennis Groves from leaders alone will help. ;) 
>>> Dennis, can I make you admin of owasp-informal ?
>>>
>>> Aloha,
>>> --
>>> Jim Manico
>>> @Manicode
>>> (808) 652-3805
>>>
>>> On Feb 1, 2013, at 11:42 PM, Abbas Naderi <abbas.E at owasp.org> wrote:
>>>
>>>> Remember when we had a plan to make two leaders lists, one for free 
>>>> discussions and one for decision making?
>>>>
>>>> I think there's a Gaussian Hole where our plans go :D
>>>> -Abbas
>>>> On 14 Bahman 1391, at 3:25, Jason Johnson 
>>>> <jason.johnson at owasp.org> wrote:
>>>>
>>>>> Best part is I will be using this in meeting for the government.
>>>>>
>>>>> On Feb 1, 2013 5:37 PM, "Dennis Groves" <dennis.groves at owasp.org> 
>>>>> wrote:
>>>>>> On 1 Feb 2013, at 22:54, Konstantinos Papapanagiotou wrote:
>>>>>>
>>>>>>> It's truly amazing what we've turned this thread into. :)
>>>>>>> Despite various formal or informal definitions, I believe that 
>>>>>>> "marketing" wise it's better to talk about the top10 risks 
>>>>>>> rather than the top10 vulnerabilities.
>>>>>>
>>>>>> I can't agree with Konstantinos more!!! Business executives don't 
>>>>>> have one fuck to give about vulnerabilities; but you start 
>>>>>> talking about 'risk' to their business and they are all ears. It 
>>>>>> is about the relevance to the companies we are trying to assist; 
>>>>>> not about what it 'technically' is that matters…
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Can help get heard by executives while the rest will easily 
>>>>>>> think that practically risks are [a result of] technical 
>>>>>>> vulnerabilities.
>>>>>>>
>>>>>>> Kostas
>>>>>>>
>>>>>>> On 2 Feb 2013, at 0:48, Eoin <eoin.keary at owasp.org> wrote:
>>>>>>>
>>>>>>>> It's a payload delivery system.
>>>>>>>>
>>>>>>>> Eoin Keary
>>>>>>>> Owasp Global Board
>>>>>>>> +353 87 977 2988
>>>>>>>>
>>>>>>>>
>>>>>>>> On 1 Feb 2013, at 22:33, Jim Manico <jim.manico at owasp.org> 
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> I do not think of XSS as an attack, XSS is a weakness or 
>>>>>>>>> vulnerability.
>>>>>>>>>
>>>>>>>>> An attack would be something like "Site Defacement using XSS".
>>>>>>>>>
>>>>>>>>> Aloha,
>>>>>>>>> Jim
>>>>>>>>>
>>>>>>>>>> Roughly. XSS is used as
>>>>>>>>>> xss = weakness, vulnerability, attack (and some more)
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 01.02.2013 22:23, Eoin wrote:
>>>>>>>>>>> Nope. Risk is impact x probability
>>>>>>>>>>> Vulns = xss SQLI etc
>>>>>>>>>>>
>>>>>>>>>>> Eoin Keary
>>>>>>>>>>> Owasp Global Board
>>>>>>>>>>> +353 87 977 2988
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 1 Feb 2013, at 20:43, Tom Brennan <tomb at owasp.org> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Considering it's risks not vulns., hope he updates his cards 
>>>>>>>>>>>> for 2013
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Feb 1, 2013, at 3:39 PM, "Dennis Groves" 
>>>>>>>>>>>> <dennis.groves at owasp.org> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hello OWASP,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I couldn't resist posting this to the list! I think that 
>>>>>>>>>>>>> is just pure awesome!
>>>>>>>>>>>>>
>>>>>>>>>>>>> I ran across this sole proprietor of this security firm 
>>>>>>>>>>>>> this week at a local security event. He expressed a great 
>>>>>>>>>>>>> deal of gratitude and thanked us for all the amazing work 
>>>>>>>>>>>>> the community has produced.
>>>>>>>>>>>>>
>>>>>>>>>>>>> He said he had the OWASP top 10 on the back of his 
>>>>>>>>>>>>> business cards since the OWASP top 10 was published, but 
>>>>>>>>>>>>> he didn't have any with him, so I gave him mine and he 
>>>>>>>>>>>>> promised to send me his card when he got home.
>>>>>>>>>>>>>
>>>>>>>>>>>>> And since they are digital, I just had to share this with 
>>>>>>>>>>>>> the list. He said OWASP helped his micro-business 
>>>>>>>>>>>>> enormously because his clients were not able to ignore his 
>>>>>>>>>>>>> advice anymore because 'the world's security experts' were 
>>>>>>>>>>>>> advocating the same practices.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Anyhow, I love stories about how OWASP made a difference 
>>>>>>>>>>>>> for people & I hope you do too.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Dennis
>>>>>>>>>>>>>
>>>>>>>>>>>>> Dennis Groves, MSc
>>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


-- 
[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a 
meeting](http://goo.gl/8sPIy).

*This email is licensed under a [CC BY-ND 
3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*

**Please do not send me Microsoft Office/Apple iWork documents.**
Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
Stand up for your freedom to install [free 
software](http://www.fsf.org/campaigns/secure-boot/statement).